The BusinessWeek magazine website has been infected with code that could redirect visitors to malicious servers.
The site’s infection seems to be a classic SQL injection attack — code injected into the servers feeding the site links to a Russian domain that could download malware onto the computers of the website’s users.
The infection seems to have been in place for some time. According to Google Safe Browsing, “Of the 2,157 pages tested on the site over the past 90 days, 214 pages resulted in malicious software being downloaded and installed without user consent.”
The Google summary reports that some 11 domains appear to be functioning as intermediaries for distributing malware to visitors of the site.
BusinessWeek has responded in a release that said, “Online security is a top priority and, while we continue to investigate the matter, we are confident that our readers’ personal information has not been compromised.”
This threat and others like it seem to be spreading.
According to a blog entry by Graham Cluley, senior technology consultant at Sophos, “Over 16,000 new infected webpages are discovered every single day. That’s one every five seconds — three times faster than the rate during 2007.”
According to Ryan Barnett, director of application security at Breach Security, the underlying issue centers on mass SQL injection bots.
“The vulnerabilities are at the web application, which may not be doing proper validation, or at the database itself, which may allow users too high level a privilege,” he told SCMagazineUS.com. “It also could be that a web application encodes data coming back from the server improperly, so that the browser can be tricked – it does not know that it is not supposed to execute the malicious code.”
He added: “These three factors are behind the attacks. All three have to be in place, and unfortunately at a lot of sites they are.”
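Each of the three factors Barnett lists has a matching control: bound query parameters, a database account that cannot write, and encoding on output. The sketch below is an added example, not code from BusinessWeek, Breach Security or anyone quoted in the article. The table, the sample rows, the placeholder domain and the use of SQLite's `PRAGMA query_only` as a stand-in for a read-only database account are all assumptions.

```python
import html
import sqlite3

# Constructed sample: a script tag of the kind a mass SQL injection bot
# appends to text columns. The domain is a placeholder.
INJECTED = '<script src="http://malicious.example/x.js"></script>'

def make_db():
    """Build a constructed article table; one row already carries injected markup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Markets rally",), ("Tech earnings" + INJECTED,)])
    db.commit()
    # Factor 2 (privilege): the page-rendering connection needs SELECT only.
    # query_only stands in for a database account without write rights.
    db.execute("PRAGMA query_only = ON")
    return db

def find_titles(db, term):
    """Factor 1 (validation): the term is bound as data, never spliced into SQL."""
    rows = db.execute("SELECT title FROM articles WHERE title LIKE ?",
                      (f"%{term}%",))
    return [r[0] for r in rows]

def write_blocked(db):
    """Return True if the read-only connection refuses to modify stored content."""
    try:
        db.execute("UPDATE articles SET title = title || ?", (INJECTED,))
    except sqlite3.OperationalError:
        return True
    return False

def render(titles):
    """Factor 3 (output encoding): stored markup reaches the browser as inert text."""
    return "".join(f"<li>{html.escape(t)}</li>" for t in titles)

if __name__ == "__main__":
    db = make_db()
    print(find_titles(db, "' OR '1'='1"))   # quote characters are matched literally
    print(write_blocked(db))                # write attempt is refused
    print(render(find_titles(db, "Tech")))  # script tag is escaped, not executed
```

Any one of the three controls breaks the chain Barnett describes, which is why he notes that all three weaknesses have to be present for the attack to work.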